Phishing has been in the news and on social media a lot in recent months. Have you received an email from HMRC, PayPal, your bank, delivery companies like UPS, or maybe you’ve received an email claiming ‘you’ve won an iPhone!’? These are common examples of phishing emails aiming to catch you out.
A phishing email is designed and targeted by cybercriminals or ‘hackers’ to create the illusion of a genuine email. The sender normally claims to be a company that does exist, but the email will not be from the genuine company. For example, it could be made to look like a delivery company that was ‘unable to deliver your parcel’ or HMRC with ‘fraud that needs to be actioned’. These emails can look very genuine but can have dangerous consequences. Most often these emails will contain a link that, when clicked, will usually ask for some sort of personal details or can place viruses or other software onto your device.
Nourish has noticed an increase in attempted phishing emails in the sector over the last 6 months. These emails are targeted and can look very genuine. Some phishing emails have come to us pretending to be from companies such as care providers, NHS, HMRC, Microsoft and many more, and some of them have been very good copies. These emails look exactly like a message from an organisation or person you trust. Official sources should never ask you for any sensitive information via email.
Attacks can cause serious problems if not handled correctly or caught early. The hackers can install malware or ransomware, sabotage systems, steal intellectual property or money, and steal or lock access to data or personal information.
The cost of recovery can be very large, if the attackers ever do return the property or data they have stolen or accessed. They may simply publish the information, which could lead to claims or reputational damage.
The productivity lost in recovering or recreating what is stolen or lost may also cost a company significantly.
An attack can cause a loss of customers if trust is broken, as they may no longer trust the organisation to keep their information or customer data safe.
Fines or penalties for breaching regulatory requirements would also be a factor to consider if more could have been done to prevent the attack.
Knowing for sure is impossible; however, some key things to look out for to identify a phishing email are:
If you believe an email may be suspicious or phishing, first make sure that you do not click on any links or open any attachments. If you think it might not be genuine but are unsure, find a phone number for the company from another source and call to validate.
If the email appears to be from a person you think you might know, contact them using another method of communication to confirm that they sent the email.
Most email providers offer an option to report suspicious emails, which allows email systems to improve their detection of phishing emails. Some providers will also filter spam emails into a separate spam inbox.
Finally, when you suspect an email is phishing, delete it from your inbox to avoid accidentally clicking on or opening it in the future.
First, don’t panic! Make a note of everything you can remember happening, especially any information you think they may have gathered from you during the phishing attempt.
Change any passwords as soon as you realise you may have been compromised, and also change the password anywhere else it is used.
Where possible, review access to the account in question to see whether any new attempts have been made to access it.
If this attack was on a work or school computer, contact the appropriate person or IT Department as soon as possible in order to start working toward securing all accounts where possible.
If you shared any information, including card or bank details, contact your local police, bank and card company as soon as possible, as they will be able to stop the cards, or stop money being taken if that has not yet happened.
As discussed, the consequences can be significant. However, there are ways you can protect your care service:
Being vigilant about phishing emails, knowing what to do if you receive one, and even knowing what to do if you become a victim of one are all extremely important.
To find out about Nourish’s data security management, take a look at our blog.